New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

btarunr · Dec 11, 2019

A group of cybersecurity researchers have discovered a new security vulnerability affecting Intel processors, which they've craftily named "Plundervolt," a portmanteau of the words "plunder" and "undervolt." Chronicled under CVE-2019-11157, it was first reported to Intel in June 2019 under its security bug-bounty programme, so it could secretly develop a mitigation. With the 6-month NDA lapsing, the researchers released their findings to the public. Plundervolt is described by researchers as a way to compromise SGX (software guard extensions) protected memory by undervolting the processor when executing protected computations, to a level where SGX memory-encryption no longer protects data. The researchers have also published proof-of-concept code.

Plundervolt is different from "Rowhammer," in that it flips bits inside the processor, before they're written to the memory, so SGX doesn't protect them. Rowhammer doesn't work with SGX-protected memory. Plundervolt requires root privileges as software that let you tweak vCore require ring-0 access. You don't need direct physical access to the target machine, as tweaking software can also be remotely run. Intel put out security advisory SA-00298 and is working with motherboard vendors and OEMs to release BIOS updates that pack a new microcode with a mitigation against this vulnerability. The research paper can be read here.

View at TechPowerUp Main Site

Chomiq · Dec 11, 2019

Had to do it:

Come on Intel it's time to rebuild your cpu architecture from the scratch.

Xuper · Dec 11, 2019

Image if you can rise Vcore CPU in department like FBI , Dow jones , or even Airport , Power plant , ......via flash driver.

HD64G · Dec 11, 2019

Not surprised at all from this news. Surprised only by customers that keep buying Intel CPUs...

Logoffon · Dec 11, 2019

I'm downright tired of these vulnerabilities, especially those that has a microcode patch that results in lower performance.
Can't researchers shut up about these and make them confidental?
Also, I don't care about privacy cr4p at all. Just let me have full performance from the processor, please.

ratirt · Dec 11, 2019

HD64G said:
Not surprised at all from this news. Surprised only by customers that keep buying Intel CPUs...

Been thinking the same. Although, I see now a change in the winds you know. The big PC vendors like HP for instance are slowly moving towards AMD at least in some areas. At my work we have been refused to purchase same Elitedesk G4's with Intel CPU because HP is not selling these any longer. We had to go with Ryzen. The Intel equipped desktops are still listed but when you want a large number of desktops, the company will not be able to deliver because these are only leftovers I suppose.

What is most important, since the vulnerabilities, companies purchasing Intel desktops from HP or any other vendor, might have an issue with them for selling security flawed equipment. There has to be a response to the vulnerabilities from the market.

Chomiq · Dec 11, 2019

ratirt said:
Been thinking the same. Although, I see now a change in the winds you know. The big PC vendors like HP for instance are slowly moving towards AMD at least in some areas. At my work we have been refused to purchase same Elitedesk G4's with Intel CPU because HP is not selling these any longer. We had to go with Ryzen. The Intel equipped desktops are still listed but when you want a large number of desktops, the company will not be able to deliver because these are only leftovers I suppose.

They have to divert some of their production to AMD simply because Intel has continued supply shortages.

R0H1T · Dec 11, 2019

At this point you have to wonder if Intel's ~~holes~~ vulnerabilities are more interesting than their (upcoming) products themselves :laugh:

Intel Launches Horse Ridge Chip for Quantum Computing Systems

londiste · Dec 11, 2019

Plundervolt requires root privileges as software that let you tweak vCore require ring-0 access.

ratirt · Dec 11, 2019

Chomiq said:
They have to divert some of their production to AMD simply because Intel has continued supply shortages.

Well this is just as possible as what I said. Maybe the vulnerabilities and supply issues are both correct. For the companies going Ryzen is simply killing 2 birds with one stone

BTW. A cheaper stone

Imsochobo · Dec 11, 2019

Logoffon said:
I'm downright tired of these vulnerabilities, especially those that has a microcode patch that results in lower performance.
Can't researchers shut up about these and make them confidental?
Also, I don't care about privacy cr4p at all. Just let me have full performance from the processor, please.

it's quite easy, buy something else and it's no problem.
also, I think you care if your credit card details were stolen

R-T-B · Dec 11, 2019

Xuper said:
Image if you can rise Vcore CPU in department like FBI , Dow jones , or even Airport , Power plant , ......via flash driver.

I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.

hat · Dec 11, 2019

R-T-B said:
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.

I agree, though I remain tired of all these vulnerabilities, and the patches that follow them that further reduce performance each time (and sometimes, cause worse things to happen).

R00kie · Dec 11, 2019

windwhirl · Dec 11, 2019

Another vulnerability?

*Sigh*

freeagent · Dec 11, 2019

That just means you actually have to overclock your cpu, rather than letting it oc automatically. Straight voltage, 1 multiplyer, and your silent pc is ruined lol.

xkm1948 · Dec 11, 2019

R-T-B said:
I mean, you always could with root. Root-requiring vulnerabilities like this bore me, and are being majorly sensationalized.

The sound of reasoning in a sea of sensationalized replies.

newtekie1 · Dec 11, 2019

So another "vulnerability" that requires you to basically hand your system over to the attacker before they can even exploit it?

Exploits like these are like saying your car is vulnerable to being stolen...if you give the car thief your car keys and walk him to your car.

Super XP · Dec 11, 2019

So this adds to the already 250+ CPU Vulnerabilities. And those that did get patched need repatching which still don't work, because the issue is a design flaw.
And why are people still buying Intel CPU's? When AMD has the best processors on the planet. lol

windwhirl · Dec 11, 2019

I think the only "remarkable" feature about this vulnerability is that they are using voltage, of all things, to exploit it. That's new, at least for me.

Super XP · Dec 11, 2019

The company [INTEL] tried to downplay the problems early on, with confusing and carefully worded statements. We’re now approaching two years since these key processor flaws were discovered, and Intel is still misleading its customers over the status of fixes.

“There are tons of vulnerabilities still left, we are sure,” says Herbert Bos, a professor at Vrije Universiteit Amsterdam, in an interview with The New York Times. “And they [INTEL] don’t intend to do proper security engineering until their reputation is at stake.”

Intel claimed issues were fixed, but they weren’t..

newtekie1 · Dec 11, 2019

Super XP said:
And why are people still buying Intel CPU's? When AMD has the best processors on the planet. lol

One thing that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure OR are their more vulnerabilities being found because Intel pays a bounty to people that find vulnerabilities and AMD doesn't?

windwhirl said:
I think the only "remarkable" feature about this vulnerability is that they are using voltage, of all things, to exploit it. That's new, at least for me.

I agree, I think that's pretty interesting actually. I couldn't care less about the actual vulnerability.

windwhirl · Dec 11, 2019

newtekie1 said:
One think that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure OR are their more vulnerabilities being found because Intel pays a bounty to people that find vulnerabilities and AMD doesn't?

Well, a quick Google search about "AMD bounty" doesn't reveal anything. On AMD's site there is a page about how to report bugs, but no mention of bounties.

Intel does have a bug bounty program on HackerOne, though, at the very least.

newtekie1 · Dec 11, 2019

windwhirl said:
Well, a quick Google search about "AMD bounty" doesn't reveal anything. On AMD's site there is a page about how to report bugs, but no mention of bounties.

Intel does have a bug bounty program on HackerOne, though, at the very least.

That's my point. There is an actual financial incentive to find and report bugs on Intel processors. So it only makes sense that there are more found and reported on the Intel side.

londiste · Dec 11, 2019

newtekie1 said:
One think that needs to be asked is, are there more vulnerabilities being found on Intel processors because Intel processors are actually less secure

Intel processors are much better known in terms of microarchitectural functionality.

System Name	RBMK-1000
Processor	AMD Ryzen 7 5700G
Motherboard	ASUS ROG Strix B450-E Gaming
Cooling	DeepCool Gammax L240 V2
Memory	2x 8GB G.Skill Sniper X
Video Card(s)	Palit GeForce RTX 2080 SUPER GameRock
Storage	Western Digital Black NVMe 512GB
Display(s)	BenQ 1440p 60 Hz 27-inch
Case	Corsair Carbide 100R
Audio Device(s)	ASUS SupremeFX S1220A
Power Supply	Cooler Master MWE Gold 650W
Mouse	ASUS ROG Strix Impact
Keyboard	Gamdias Hermes E2
Software	Windows 11 Pro

Processor	Ryzen 7 5800X3D
Motherboard	Gigabyte X570 Aorus Elite
Cooling	Thermalright Phantom Spirit 120 SE
Memory	2x16 GB Crucial Ballistix 3600 CL16 Rev E @ 3800 CL16
Video Card(s)	RTX3080 Ti FE
Storage	SX8200 Pro 1 TB, Plextor M6Pro 256 GB, WD Blue 2TB
Display(s)	LG 34GN850P-B
Case	SilverStone Primera PM01 RGB
Audio Device(s)	SoundBlaster G6 \| Fidelio X2 \| Sennheiser 6XX
Power Supply	SeaSonic Focus Plus Gold 750W
Mouse	Endgame Gear XM1R
Keyboard	Wooting Two HE

System Name	Home PC
Processor	Ryzen 5900X
Motherboard	Asus Prime X370 Pro
Cooling	Thermaltake Contac Silent 12
Memory	2x8gb F4-3200C16-8GVKB - 2x16gb F4-3200C16-16GVK
Video Card(s)	XFX RX480 GTR
Storage	Samsung SSD Evo 120GB -WD SN580 1TB - Toshiba 2TB HDWT720 - 1TB GIGABYTE GP-GSTFS31100TNTD
Display(s)	Cooler Master GA271 and AoC 931wx (19in, 1680x1050)
Case	Green Magnum Evo
Power Supply	Green 650UK Plus
Mouse	Green GM602-RGB ( copy of Aula F810 )
Keyboard	Old 12 years FOCUS FK-8100

Processor	AMD Ryzen 5 5600@80W
Motherboard	MSI B550 Tomahawk
Cooling	ZALMAN CNPS9X OPTIMA
Memory	2*8GB PATRIOT PVS416G400C9K@3733MT_C16
Video Card(s)	Sapphire Radeon RX 6750 XT Pulse 12GB
Storage	Sandisk SSD 128GB, Kingston A2000 NVMe 1TB, Samsung F1 1TB, WD Black 10TB
Display(s)	AOC 27G2U/BK IPS 144Hz
Case	SHARKOON M25-W 7.1 BLACK
Audio Device(s)	Realtek 7.1 onboard
Power Supply	Seasonic Core GC 500W
Mouse	Sharkoon SHARK Force Black
Keyboard	Trust GXT280
Software	Win 7 Ultimate 64bit/Win 10 pro 64bit/Manjaro Linux

System Name	Bro2
Processor	Ryzen 5800X
Motherboard	Gigabyte X570 Aorus Elite
Cooling	Corsair h115i pro rgb
Memory	32GB G.Skill Flare X 3200 CL14 @3800Mhz CL16
Video Card(s)	Powercolor 6900 XT Red Devil 1.1v@2400Mhz
Storage	M.2 Samsung 970 Evo Plus 500MB/ Samsung 860 Evo 1TB
Display(s)	LG 27UD69 UHD / LG 27GN950
Case	Fractal Design G
Audio Device(s)	Realtec 5.1
Power Supply	Seasonic 750W GOLD
Mouse	Logitech G402
Keyboard	Logitech slim
Software	Windows 10 64 bit

New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

btarunr

Editor & Senior Moderator

Chomiq

Xuper

HD64G

Logoffon

ratirt

Chomiq

R0H1T

londiste

ratirt

Imsochobo

R-T-B

hat

Enthusiast

R00kie

windwhirl

freeagent

Moderator

xkm1948

newtekie1

Semi-Retired Folder

Super XP

windwhirl

Super XP

newtekie1

Semi-Retired Folder

windwhirl

newtekie1

Semi-Retired Folder

londiste

Processor	Ryzen 7800X3D
Motherboard	ROG STRIX B650E-F GAMING WIFI
Memory	2x16GB G.Skill Flare X5 DDR5-6000 CL36 (F5-6000J3636F16GX2-FX5)
Video Card(s)	INNO3D GeForce RTX™ 4070 Ti SUPER TWIN X2
Storage	2TB Samsung 980 PRO, 4TB WD Black SN850X
Display(s)	42" LG C2 OLED, 27" ASUS PG279Q
Case	Thermaltake Core P5
Power Supply	Fractal Design Ion+ Platinum 760W
Mouse	Corsair Dark Core RGB Pro SE
Keyboard	Corsair K100 RGB
VR HMD	HTC Vive Cosmos

Processor	R9 5800x3d \| R7 3900X \| 4800H \| 2x Xeon gold 6142
Motherboard	Asrock X570M \| AB350M Pro 4 \| Asus Tuf A15
Cooling	Air \| Air \| duh laptop
Memory	64gb G.skill SniperX @3600 CL16 \| 128gb \| 32GB \| 192gb
Video Card(s)	RTX 4080 \|Quadro P5000 \| RTX2060M
Storage	Many drives
Display(s)	AW3423dwf.
Case	Jonsbo D41
Power Supply	Corsair RM850x
Mouse	g502 Lightspeed
Keyboard	G913 tkl
Software	win11, proxmox

System Name	Pioneer
Processor	Ryzen R9 9950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise IoT 2024

System Name	Starlifter :: Dragonfly
Processor	i7 2600k 4.4GHz :: i5 10400
Motherboard	ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling	Cryorig M9 :: Stock
Memory	4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s)	PNY GTX1070 :: Integrated UHD 630
Storage	Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s)	Onn 165hz 1080p :: Acer 1080p
Case	Antec SOHO 1030B :: Old White Full Tower
Audio Device(s)	Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply	FSP Hydro GE 550w :: EVGA Supernova 550
Software	Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores	>9000

System Name	Main / HTPC
Processor	Ryzen 7 7800X3D / Ryzen 7 2700
Motherboard	Aorus B650M Elite AX/ B450i Aorus Pro Wifi
Cooling	Lian-Li Galahad 360 / Wraith Spire
Memory	Corsair Vengeance 2x16 6000MHz CL30 / HyperX Predator 2x8GB 3200MHz
Video Card(s)	RTX 3080 FE / ARC A380
Storage	WD Black SN770 1TB / Sabrent Rocket 256GB
Display(s)	Aorus FO32U2P / 39" Panasonic HDTV
Case	Fractal Arc XL / Cougar QBX
Audio Device(s)	Denon AVR-X2800H / Realtek ALC1220
Power Supply	Corsair RM850 / BeQuiet SFX Power 2 450W
Mouse	Logitech G903
Keyboard	Drop Sense75 with WQ Studio Morandi's
VR HMD	Rift S
Software	Win 11 Pro 64Bit

System Name	System V
Processor	AMD Ryzen 5 3600
Motherboard	Asus Prime X570-P
Cooling	Cooler Master Hyper 212 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory	2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s)	Gigabyte AORUS Radeon RX 580 8 GB
Storage	SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s)	LG 22MP55 IPS Display
Case	NZXT Source 210
Audio Device(s)	Logitech G430 Headset
Power Supply	Corsair CX650M
Software	Whatever build of Windows 11 is being served in Canary channel at the time.
Benchmark Scores	Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624

Processor	AMD R7 5800X3D
Motherboard	Asus Crosshair VIII Dark Hero
Cooling	Thermalright Frozen Edge 360, 3x TL-B12 V2, 2x TL-B12 V1
Memory	2x8 G.Skill Trident Z Royal 3200C14, 2x8GB G.Skill Trident Z Black and White 3200 C14
Video Card(s)	Zotac 4070 Ti Trinity OC
Storage	WD SN850 1TB, SN850X 2TB, SN770 1TB
Display(s)	LG 50UP7100
Case	Fractal Torrent Compact
Audio Device(s)	JBL Bar 700
Power Supply	Seasonic Vertex GX-1000, Monster HDP1800
Mouse	Logitech G502 Hero
Keyboard	Logitech G213
VR HMD	Oculus 3
Software	Yes
Benchmark Scores	Yes

System Name	Virtual Reality / Bioinformatics
Processor	Undead CPU
Motherboard	Undead TUF X99
Cooling	Noctua NH-D15
Memory	GSkill 128GB DDR4-3000
Video Card(s)	EVGA RTX 3090 FTW3 Ultra
Storage	Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s)	32'' 4K Dell
Case	Fractal Design R5
Audio Device(s)	BOSE 2.0
Power Supply	Seasonic 850watt
Mouse	Logitech Master MX
Keyboard	Corsair K70 Cherry MX Blue
VR HMD	HTC Vive + Oculus Quest 2
Software	Windows 10 P

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64

System Name	RiseZEN Gaming PC
Processor	AMD Ryzen 7 5800X @ Auto
Motherboard	Asus ROG Strix X570-E Gaming ATX Motherboard
Cooling	Corsair H115i Elite Capellix AIO, 280mm Radiator, Dual RGB 140mm ML Series PWM Fans
Memory	G.Skill TridentZ 64GB (4 x 16GB) DDR4 3200
Video Card(s)	ASUS DUAL RX 6700 XT DUAL-RX6700XT-12G
Storage	Corsair Force MP500 480GB M.2 & MP510 480GB M.2 - 2 x WD_BLACK 1TB SN850X NVMe 1TB
Display(s)	ASUS ROG Strix 34” XG349C 180Hz 1440p + Asus ROG 27" MG278Q 144Hz WQHD 1440p
Case	Corsair Obsidian Series 450D Gaming Case
Audio Device(s)	SteelSeries 5Hv2 w/ Sound Blaster Z SE
Power Supply	Corsair RM750x Power Supply
Mouse	Razer Death-Adder + Viper 8K HZ Ambidextrous Gaming Mouse - Ergonomic Left Hand Edition
Keyboard	Logitech G910 Orion Spectrum RGB Gaming Keyboard
Software	Windows 11 Pro - 64-Bit Edition
Benchmark Scores	I'm the Doctor, Doctor Who. The Definition of Gaming is PC Gaming...